CVE-2013-1774 and CVE-2019-19252

cves/kernel/CVE-2013-1774.yml

@@ -19,7 +19,7 @@ curated_instructions: |
   This will enable additional editorial checks on this file to make sure you
   fill everything out properly. If you are a student, we cannot accept your work
   as finished unless curated is properly updated.
-curation_level: 0
+curation_level: 2
 reported_instructions: |
   What date was the vulnerability reported to the security team? Look at the
   security bulletins and bug reports. It is not necessarily the same day that
@@ -55,7 +55,11 @@ description_instructions: |
 
   Your target audience is people just like you before you took any course in
   security
-description:
+description: |
+  In the Linux kernel, the chase_port function in drivers/usb/serial/io_ti.c 
+  allowed local users to cause a denial of service via a NULL pointer dereference and
+  system crash. This occurred after an attempted /dev/ttyUSB read or write 
+  operation on a disconnected Edgeport USB serial converter.
 bounty_instructions: |
   If you came across any indications that a bounty was paid out for this
   vulnerability, fill it out here. Or correct it if the information already here
@@ -88,10 +92,9 @@ fixes:
   note:
 - commit:
   note:
-- commit: 1ee0a224bc9aad1de496c795f96bc6ba2c394811
+- commit: 1ee0a224bc9aad1de496c795f96bc6ba2c394811 
   note: |
-    Taken from NVD references list with Git commit. If you are
-    curating, please fact-check that this commit fixes the vulnerability and replace this comment with 'Manually confirmed'
+    Manually confirmed
 vcc_instructions: |
   The vulnerability-contributing commits.
 
@@ -106,15 +109,16 @@ vcc_instructions: |
   Place any notes you would like to make in the notes field.
 vccs:
 - commit: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
-  note: Discovered automatically by archeogit.
+  note: | 
+    Discovered automatically by archeogit.
 upvotes_instructions: |
   For the first round, ignore this upvotes number.
 
   For the second round of reviewing, you will be giving a certain amount of
   upvotes to each vulnerability you see. Your peers will tell you how
   interesting they think this vulnerability is, and you'll add that to the
   upvotes score on your branch.
-upvotes:
+upvotes: 1
 unit_tested:
   question: |
     Were automated unit tests involved in this vulnerability?
@@ -129,10 +133,10 @@ unit_tested:
 
     For the fix_answer below, check if the fix for the vulnerability involves
     adding or improving an automated test to ensure this doesn't happen again.
-  code:
-  code_answer:
-  fix:
-  fix_answer:
+  code: False
+  code_answer: False
+  fix: False
+  fix_answer: False
 discovered:
   question: |
     How was this vulnerability discovered?
@@ -147,10 +151,11 @@ discovered:
 
     If there is no evidence as to how this vulnerability was found, then please
     explain where you looked.
-  answer:
-  automated:
-  contest:
-  developer:
+  answer: |
+   Discovered on 2013-02-27 by a Redhat employee.
+  automated: False
+  contest: False
+  developer: True
 autodiscoverable:
   instructions: |
     Is it plausible that a fully automated tool could have discovered
@@ -167,8 +172,11 @@ autodiscoverable:
 
     The answer field should be boolean. In answer_note, please explain
     why you come to that conclusion.
-  note:
-  answer:
+  note: |
+    The vulnerability is caused entirely by a null pointer reference to a peripheral.
+    In theory it might be possible to discover it with a tool but you would have to be 
+    manually involved in the process (ie disconnect the peripheral while tool is running).
+  answer: False
 specification:
   instructions: |
     Is there mention of a violation of a specification? For example, the POSIX
@@ -184,8 +192,9 @@ specification:
 
     The answer field should be boolean. In answer_note, please explain
     why you come to that conclusion.
-  note:
-  answer:
+  note: |
+    Could not find reference to a specification that had been violated.
+  answer: False
 subsystem:
   question: |
     What subsystems was the mistake in? These are WITHIN linux kernel
@@ -219,8 +228,8 @@ subsystem:
     e.g.
         name: ["subsystemA", "subsystemB"] # ok
         name: subsystemA # also ok
-  name:
-  note:
+  name: drivers
+  note: 
 interesting_commits:
   question: |
     Are there any interesting commits between your VCC(s) and fix(es)?
@@ -251,8 +260,8 @@ i18n:
     Answer should be true or false
     Write a note about how you came to the conclusions you did, regardless of
     what your answer was.
-  answer:
-  note:
+  answer: False
+  note: The vulnerability is caused by a null pointer to a perpheral reference.
 sandbox:
   question: |
     Did this vulnerability violate a sandboxing feature that the system
@@ -266,8 +275,8 @@ sandbox:
     Answer should be true or false
     Write a note about how you came to the conclusions you did, regardless of
     what your answer was.
-  answer:
-  note:
+  answer: False 
+  note: The vulnerability does not allow for access to limited access content.
 ipc:
   question: |
     Did the feature that this vulnerability affected use inter-process
@@ -278,8 +287,8 @@ ipc:
     Answer must be true or false.
     Write a note about how you came to the conclusions you did, regardless of
     what your answer was.
-  answer:
-  note:
+  answer: False
+  note: The vulnerability is solely caused by a NULL pointer.
 discussion:
   question: |
     Was there any discussion surrounding this?
@@ -305,9 +314,10 @@ discussion:
 
     Put any links to disagreements you found in the notes section, or any other
     comment you want to make.
-  discussed_as_security:
-  any_discussion:
-  note:
+  discussed_as_security: True
+  any_discussion: True
+  note: |
+    No public disagreements found.
 vouch:
   question: |
     Was there any part of the fix that involved one person vouching for
@@ -320,8 +330,9 @@ vouch:
 
     Answer must be true or false.
     Write a note about how you came to the conclusions you did, regardless of what your answer was.
-  answer:
-  note:
+  answer: True
+  note: |
+    Commit was signed off by two people. Can be found on git.kernel.org.
 stacktrace:
   question: |
     Are there any stacktraces in the bug reports?
@@ -335,9 +346,10 @@ stacktrace:
     Answer must be true or false.
     Write a note about how you came to the conclusions you did, regardless of
     what your answer was.
-  any_stacktraces:
-  stacktrace_with_fix:
-  note:
+  any_stacktraces: False
+  stacktrace_with_fix: False
+  note: | 
+    No stack trace(s) provided in online discussion of bug.
 forgotten_check:
   question: |
     Does the fix for the vulnerability involve adding a forgotten check?
@@ -356,8 +368,9 @@ forgotten_check:
     Answer must be true or false.
     Write a note about how you came to the conclusions you did, regardless of
     what your answer was.
-  answer:
-  note:
+  answer: True
+  note: |
+    The fix was adding a NULL pointer check.
 order_of_operations:
   question: |
     Does the fix for the vulnerability involve correcting an order of
@@ -369,8 +382,9 @@ order_of_operations:
     Answer must be true or false.
     Write a note about how you came to the conclusions you did, regardless of
     what your answer was.
-  answer:
-  note:
+  answer: False
+  note: |
+    The fix involved adding a new check, not moving existing code around.
 lessons:
   question: |
     Are there any common lessons we have learned from class that apply to this
@@ -387,38 +401,40 @@ lessons:
     If you think of another lesson we covered in class that applies here, feel
     free to give it a small name and add one in the same format as these.
   defense_in_depth:
-    applies:
+    applies: False
     note:
   least_privilege:
-    applies:
+    applies: False
     note:
   frameworks_are_optional:
-    applies:
+    applies: False
     note:
   native_wrappers:
-    applies:
+    applies: False
     note:
   distrust_input:
-    applies:
+    applies: False
     note:
   security_by_obscurity:
-    applies:
+    applies: False
     note:
   serial_killer:
-    applies:
+    applies: False
     note:
   environment_variables:
-    applies:
+    applies: False
     note:
   secure_by_default:
-    applies:
+    applies: False
     note:
   yagni:
-    applies:
+    applies: False
     note:
   complex_inputs:
-    applies:
-    note:
+    applies: True
+    note: |
+      Tool utilization not anticipated after a USB disconnect. The
+      ability for this input to change was not accounted for.  
 mistakes:
   question: |
     In your opinion, after all of this research, what mistakes were made that
@@ -448,7 +464,9 @@ mistakes:
 
     Write a thoughtful entry here that people in the software engineering
     industry would find interesting.
-  answer:
+  answer: |
+    The mistake seemed to have occured due to a missed step during development or
+    a lapse in judgement. The inital code was simply missing a single check.
 CWE_instructions: |
   Please go to http://cwe.mitre.org and find the most specific, appropriate CWE
   entry that describes your vulnerability. We recommend going to
@@ -473,5 +491,6 @@ nickname_instructions: |
   A catchy name for this vulnerability that would draw attention it.
   If the report mentions a nickname, use that.
   Must be under 30 characters. Optional.
-nickname:
+nickname: |
+  Phantom USB DOS
 CVSS: